People tend to set DNS names for servers they have in the cloud. For example, they set a DNS record for vpn.mycompany.com. However, when they later release the server, after they do not need it anymore, they do not delete the DNS entry. The DNS entry becomes “stale”. In the paper the researchers demonstrate that it is relatively easy to get the IP address for a stale DNS entry. You can then use Let’s Encrypt to get a certificate for that domain. If now users that used vpn.mycompany.com go to vpn.mycompany.com, they are presented with a seemingly legitimate website that relatively easy to coheres them to e.g., download malicious software concealed as “a new version of your VPN client”. As this risks is mostly caused by human factors/procedural issues, the researchers propose a procedural way to mitigate this risk.